Urgent Alert: Critical RCE Vulnerabilities Identified in Ivanti Endpoint Manager

In the complex landscape of enterprise cybersecurity, Endpoint Management Solutions are indispensable, acting as central nervous systems for device control and security policies. When these critical systems are compromised, the ripple effects can be severe, potentially exposing an entire network to malicious actors. Today, we bring your immediate attention to a pressing concern in this vital domain: newly disclosed high-severity Remote Code Execution (RCE) vulnerabilities within Ivanti Endpoint Manager (EPM).

Ivanti has recently issued security updates addressing two significant flaws, CVE-2025-9712 and CVE-2025-9872. These vulnerabilities, scoring high on the severity scale, present a clear and present danger: the ability for attackers to execute arbitrary code remotely on affected EPM instances. While Ivanti has stated they are not aware of in-the-wild exploitation at this time, the potential for impact necessitates immediate action from all organizations leveraging this platform.

Understanding the Threat: Ivanti EPM RCE Vulnerabilities

The core of this alert revolves around two distinct, yet equally critical, vulnerabilities that provide attackers with Remote Code Execution capabilities. RCE is one of the most severe types of vulnerabilities, granting an attacker the ability to run their own code on a remote system. In the context of an Endpoint Manager, this could translate to:

• Full System Compromise: Gaining administrative access to the EPM server, which often has elevated privileges across the network segment it manages.
• Lateral Movement: Using the compromised EPM as a pivot point to move deeper into an organization’s network, deploying malware, or exfiltrating sensitive data.
• Disruption of Operations: Interfering with endpoint management processes, potentially disabling security controls, or deploying disruptive payloads to managed devices.

These vulnerabilities affect multiple versions of Ivanti Endpoint Manager, underscoring the broad potential attack surface. Specifics regarding the technical exploitation details of CVE-2025-9712 and CVE-2025-9872 are typically withheld by vendors to prevent immediate widespread exploitation prior to patching. However, the designation of “Remote Code Execution” is sufficient to classify these as critical, demanding immediate attention from IT and security teams.

Affected Versions and Impact Assessment

While the precise list of all affected versions is typically detailed in Ivanti’s official security advisories, the alert indicates multiple product versions are vulnerable. Organizations must consult Ivanti’s official security bulletin for the definitive list of affected builds and versions. The impact of these vulnerabilities, if exploited, is high:

• Confidentiality: Unauthorized access to sensitive data managed or collected by EPM.
• Integrity: Malicious modification of system configurations, software deployments, or data.
• Availability: Potential disruption of EPM services, leading to loss of management capabilities over endpoints.

Given the central role Ivanti EPM plays in managing and securing an organization’s endpoints, a successful RCE attack can severely undermine an enterprise’s overall security posture.

Remediation Actions: Mitigating the Risk

Proactive and timely remediation is paramount. Organizations running Ivanti Endpoint Manager must take the following steps:

• Immediate Patching: Prioritize the deployment of the security updates released by Ivanti. This is the most critical step to address the vulnerabilities. Ensure your patch management processes are robust and can deploy these updates swiftly across all EPM instances.
• Verify Patch Application: After applying updates, thoroughly verify that the patches have been successfully installed and the vulnerable components are no longer present.
• Network Segmentation and Least Privilege: Review and reinforce network segmentation policies around your EPM servers. Restrict network access to EPM interfaces to only necessary administrative personnel and systems. Implement the principle of least privilege for EPM accounts and services.
• Regular Backups: Ensure regular and secure backups of your EPM configuration and data. This allows for quick recovery in case of an incident.
• Monitor Logs: Increase vigilance in monitoring logs from your EPM servers and surrounding network infrastructure for any unusual activity, failed logins, or signs of compromise.

Security Tools for Detection and Mitigation

Leveraging appropriate security tools can aid in both detecting potential exploitation attempts and bolstering your overall defense-in-depth strategy.

Tool Name	Purpose	Link
Endpoint Detection & Response (EDR) Solutions	Real-time monitoring of endpoints for malicious activity, including potential RCE attempts and post-exploitation behaviors.	Gartner Peer Insights (EDR)
Vulnerability Scanners	Identifying unpatched systems and known vulnerabilities within your network, including potentially vulnerable Ivanti EPM instances.	Tenable Nessus / Rapid7 Nexpose
Security Information and Event Management (SIEM)	Aggregating and analyzing security logs from EPM, firewalls, and other systems to detect anomalies and potential breaches.	Splunk Enterprise Security / Microsoft Sentinel
Network Intrusion Detection/Prevention Systems (NIDS/NIPS)	Monitoring network traffic for suspicious patterns, known exploit signatures, and unauthorized access attempts targeting EPM.	Snort / Suricata

Conclusion: Prioritizing Endpoint Security

The disclosure of these critical RCE vulnerabilities in Ivanti Endpoint Manager serves as a stark reminder of the ongoing challenges in securing complex enterprise environments. While the immediate focus must be on applying the necessary security updates for CVE-2025-9712 and , this incident also underscores the broader importance of a comprehensive cybersecurity strategy. Regularly auditing critical infrastructure components, maintaining robust patch management processes, and implementing defense-in-depth security measures are not merely best practices; they are foundational requirements for resilience against sophisticated cyber threats. Stay vigilant, stay updated, and secure your endpoints.